Security threatens World Peace

Filed under: Governance — lenand @ 9:20 am

The BCS thought leadership debate in security threats volunteered me as table rapporteur (thanks for all the fish) and here are my jottings.  Re-use of code is the name of the game.

Our table talked about four areas: Actors, Vectors, Identity and Education.

  • Actors: People start young in subverting rules. They see the social attractions, the need to crack videos and to avoid nanny proxy servers. They gain specialist skills and some finish up as specialists in money laundering. There is a global market for skilled people, but it is not constrained by global law. Spooks understand that nation states must employ these people to get best possible outcomes. It is big business and it is now possible to identify risks sufficiently well to buy insurance.
  • Vectors: It is an asymmetric game. The costs are low and accusations deniable. One hacker can spam a huge network. Malware is planted in millions of devices to create botnets that target commercial or public sector competitors. Social sites are a prime target for leading people to infected web sites and overloading national infrastructure. It is difficult to counter Twitter in the spreading of messages unwanted by political leaders. There was talk at the table about the need for second strike capability – just like nuclear warfare strategy. Many people volunteer to join botnets, it is not just China who use them to attack political opponents (the case of taking out CNN from a central command). Note that the Cloud can be safer with more points of presence and more hardened infrastructure.
  • Identity: The main issue is theft. Police do not follow up reports and do not count cyber-crime events. Banks have accepted that there is an optimum level of loss and charge it back to customers. Nothing will happen to change this attitude. Criminals use the proceeds to funding extra attacks, balancing investment versus risk of being caught. The citizen has no rights of retribution or revocation of bad data.
  • Education: Critical to the economy. We need people that can produce good security coding. A career path is needed that ensures that skills are kept up to date with the latest threats. Employers must be aware of the high cost of changing systems to meet security challenges. All people should start their security learning in Primary schools. They need Facebook lessons and valid reasons for managing multiple identities. As one participant said, we need to teach the equivalent of the Green Cross Code.

These are not my opinions – but those of the table.  Chatham House Rule.


1 Comment »

  1. […] know whether I feel better about it, but there was talk of a second strike capability at the BCS Security Forum I […]

    Pingback by One strike, and you are out? « Quarkside — 26/10/2010 @ 10:25 pm | Reply

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: